
Re: [CORS] Applying preflight cache to an entire domain?

From: Monsur Hossain <monsur@gmail.com>
Date: Wed, 18 Apr 2012 11:34:42 -0500
Message-ID: <CAKSyWQkqzRaQwWzh5GApFiQhHCp29akcboTyQH5pWG3iGZm0pQ@mail.gmail.com>
To: Anne van Kesteren <annevk@opera.com>
Cc: public-webapps@w3.org
Ah thank you! I agree that url canonicalization is a difficult issue to
solve. FWIW, I was envisioning something much simpler. The CORS spec makes
it clear that cache lookup should be done by origin and request url. So
instead of specifying a url to this Access-Control-Policy-Path header, it
would be just one of three values:

   - "url" - (default behavior) Cache lookup is done by origin and request
   url, as the spec indicates now
   - "origin" - Cache lookup is done by origin only. Preflight response
   applies to any request from this origin.
   - "any" - Cache lookup applies to *any* origin making requests to the

This would fit in with the current preflight caching model while still
allowing some flexibility to servers implementing CORS.


On Wed, Apr 18, 2012 at 7:16 AM, Anne van Kesteren <annevk@opera.com> wrote:

> On Tue, 17 Apr 2012 23:35:16 +0200, Monsur Hossain <monsur@gmail.com>
> wrote:
>> Hi there. The CORS spec currently indicates that the preflight cache should
>> store preflight responses for a particular origin/request url pair. That
>> means that multiple requests to different urls on the same domain will
>> always trigger a preflight, even if the preflight response is exactly the
>> same for those urls. If a server only accepts a set of well defined http
>> methods and http headers, then issuing the preflight on different requests
>> is redundant.
>> I was wondering if there could be a way for the server to indicate what
>> scope the preflight applies to? For example, the default could still be
>> to cache per origin/request-url, but maybe the server could set a special
>> "Access-Control-Max-Age-Scope: domain" response header to indicate that
>> the preflight response can be used for any request to the domain. Has
>> anything like this been considered?
> Yes.
> http://lists.w3.org/Archives/Public/public-appformats/2008May/0039.html
> --
> Anne van Kesteren
> http://annevankesteren.nl/
Received on Wednesday, 18 April 2012 16:35:16 UTC
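
The cache-lookup scopes proposed in the message above, modeled as an added example (not code from the thread, the CORS spec or any browser). It covers the "url" and "origin" values only, since the description of "any" is cut short in the archived message; the `scope` field, the class and function names, and the choice to keep an "origin" entry bound to the target server are assumptions.

```javascript
// Toy model of a preflight cache. "scope" stands for the header value proposed
// in the message above ("url" or "origin"); no browser implements it.
class PreflightCache {
  constructor() { this.entries = new Map(); }

  // Both candidate keys for a request. Assumption: an "origin"-scoped entry is
  // still bound to the target server, not shared across servers.
  static keys(origin, url) {
    const target = new URL(url);
    return { url: `${origin}|${target.href}`, origin: `${origin}|${target.origin}` };
  }

  // True when an unexpired entry allowing `method` covers the request.
  lookup(origin, url, method, now) {
    return Object.values(PreflightCache.keys(origin, url)).some((key) => {
      const entry = this.entries.get(key);
      return entry !== undefined && entry.expires > now && entry.methods.includes(method);
    });
  }

  // Cache a preflight response; unknown scope values fall back to "url".
  store(origin, url, response, now) {
    const scope = response.scope === "origin" ? "origin" : "url";
    const key = PreflightCache.keys(origin, url)[scope];
    this.entries.set(key, { methods: response.methods, expires: now + response.maxAge });
  }
}

// Replay requests against one server and return how many preflights are sent.
function countPreflights(requests, response) {
  const cache = new PreflightCache();
  let sent = 0;
  for (const r of requests) {
    if (cache.lookup(r.origin, r.url, r.method, r.at)) continue;
    sent += 1;
    cache.store(r.origin, r.url, response, r.at);
  }
  return sent;
}

// Constructed sample traffic; `at` is seconds since the first request.
const requests = [
  { origin: "https://app.example", url: "https://api.example/items/1", method: "PUT", at: 0 },
  { origin: "https://app.example", url: "https://api.example/items/2", method: "PUT", at: 1 },
  { origin: "https://app.example", url: "https://api.example/items/1", method: "DELETE", at: 2 },
  { origin: "https://other.example", url: "https://api.example/items/1", method: "PUT", at: 3 },
  { origin: "https://app.example", url: "https://api.example/items/3", method: "PUT", at: 700 },
];
const base = { methods: ["PUT", "DELETE"], maxAge: 600 };
```

With "origin" scope a single preflight answer covers every URL on the server for that origin until it expires, so the server has to enforce its method and header rules on each actual request rather than rely on a per-resource preflight.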
